# Fast, Lightweight, and Efficient Cybersecurity Optimization for Tactical–Operational Management


## Featured Application

**This study holds direct applicability for organizations seeking to establish comprehensive, tactical, and operational cybersecurity management, especially within the CyberTOMP framework. In order to achieve this objective, the concerned organization will need to achieve consensus among all functional domains involved in cybersecurity within the organization regarding the implementation of cybersecurity measures. The present proposal has been formulated with the aim of facilitating this process by devising a set of cybersecurity actions that will enable the organization to comply with its strategic cybersecurity goals upon their implementation.**

## Abstract

## 1. Introduction

^{28} possibilities, and for high criticality, there are 3.5 × 10^{100} options. Manually identifying the right combination of expected outcomes and levels of implementation is time-consuming and often unacceptable, making it challenging to reach an agreed-upon cybersecurity status during the management gatherings where decisions must be made. Meeting strategic constraints while aligning with current cybersecurity status is difficult, especially when the number of constraints increases. This results in a process that only targets the first feasible combination instead of exploring more possibilities, making it challenging to hold a productive discussion.

- An appropriate mechanism for searching feasible sets of cybersecurity actions for their application to the CyberTOMP framework.
- The demonstration of the application of evolutionary computing to decision-making in cybersecurity management.

## 2. Problem Modeling and Formulation

#### 2.1. Determining Value of FLECO Parameters

#### 2.2. Formulation of the Multi-Objective Optimization Problem

#### 2.3. Representation of Individuals

^{28}, 2.63281 × 10^{64}, and 3.4996 × 10^{100}, respectively, as shown in Table 1.

#### 2.4. Crossover and Mutation Operators

#### 2.5. Population and Selection Method

#### 2.6. Algorithm Stopping Criteria

- The solution is provided in a timely manner. Since the solution must be discussed in a meeting to reach agreements, it is necessary that the solution is provided to the cross-functional cybersecurity workforce by FLECO within a reasonable timeframe, no longer than 5 min. This requirement has been established by the organization’s decision-maker responsible for deploying the CyberTOMP framework. Subsequently, the proposed solution can be deliberated upon amongst various functional domains, ultimately accepted upon consensus, or rejected outright.
- The solution must fulfill all the specific cybersecurity constraints, which is ultimately achieved if $f1(\overrightarrow{x})=1.0$ as described in Section 2.2.
- The algorithm will terminate when either of the two conditions is met.

#### 2.7. Stagnation Detection and Escape

Algorithm 1. Pseudo-code of the mechanism for stagnation detection and escape.

```
Set default values for FLECO parameters
While conditions to stop FLECO are not met
    Update last time the best individual's fitness changed
    Compute period from last time best individual's fitness changed to "now"
    Estimate whether FLECO seems to be in a local minimum
    Estimate whether FLECO is deeply stagnated
    If seems to be in a local minimum
        Apply increased mutation rate
        If it is deeply stagnated
            Remove current 50% of population's best individuals (soft reset)
            Regenerate the population with random individuals
        End if
        Increase diversity by adding extra random individuals
    Else
        Reset FLECO parameters to their default values
    End if
End while
```

- Additionally, the mutation rate, usually fixed at 0.05, is dynamically increased [35] 20-fold to yield a value of 1.0, which helps the algorithm evade potential sub-optimal solutions.
- If the entrapment situation persists despite these adaptive adjustments, a secondary threshold (3.13%) is used to detect it. In this case, the top 1/2 (50%) of the best fitted individuals in the population are removed from the population and replaced by random individuals. This adjustment functions as a soft reset for the algorithm [36], preserving part of the already mature population while eliminating the most problematic individuals. This approach enables FLECO to escape from low-quality solutions in most situations and explore alternative regions of the solution space.
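The control logic of Algorithm 1, written out as an added Python example (not FLECO's own code). It assumes both thresholds are fractions of the 5 min time budget, uses a placeholder value of 1% for the first threshold because the text above does not give it, and assumes the four allele values; all class and function names are hypothetical.

```python
import random
from dataclasses import dataclass, field

ALLELES = (0.0, 0.33, 0.67, 1.0)  # ASSUMED encoding of the 4 alleles per gene

@dataclass
class StagnationController:
    time_budget: float = 300.0      # 5 min stop limit (Section 2.6)
    base_mutation: float = 0.05     # default mutation rate from the text
    boosted_mutation: float = 1.0   # 20-fold increase from the text
    local_min_frac: float = 0.01    # ASSUMED first threshold (placeholder)
    deep_frac: float = 0.0313       # secondary threshold, ASSUMED share of budget
    best: float = field(default=None, init=False)
    last_change: float = field(default=0.0, init=False)

    def update(self, best_fitness, now):
        """Return (mutation_rate, soft_reset, add_random) for this generation."""
        if best_fitness != self.best:            # best individual's fitness changed
            self.best, self.last_change = best_fitness, now
        stalled = (now - self.last_change) / self.time_budget
        if stalled >= self.local_min_frac:       # seems to be in a local minimum
            return (self.boosted_mutation, stalled >= self.deep_frac, True)
        return (self.base_mutation, False, False)  # back to default parameters

def random_individual(n_genes, rng):
    """One random chromosome: an allele drawn independently for every gene."""
    return tuple(rng.choice(ALLELES) for _ in range(n_genes))

def soft_reset(population, fitness, rng):
    """Remove the best-fitted 50% and refill with random individuals."""
    ranked = sorted(population, key=fitness, reverse=True)
    survivors = ranked[len(ranked) // 2:]        # the lower half is kept
    n_genes = len(population[0])
    fresh = [random_individual(n_genes, rng)
             for _ in range(len(population) - len(survivors))]
    return survivors + fresh

def replay(readings):
    """Feed (seconds, best_fitness) readings through a fresh controller."""
    ctl = StagnationController()
    return [ctl.update(fit, t) for t, fit in readings]

# Constructed timeline: fitness stalls at 0.90, then changes after a soft reset.
SAMPLE = [(0, 0.90), (2, 0.90), (4, 0.90), (10, 0.90), (11, 0.85)]

if __name__ == "__main__":
    for (t, fit), action in zip(SAMPLE, replay(SAMPLE)):
        print(t, fit, action)
```

Because the controller tracks any change in the best fitness, the drop caused by a soft reset restarts the stall timer, so the reset is not repeated on every following generation.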

## 3. Experiments Design and Result

#### 3.1. Definition of Initial Statuses

#### 3.2. Definition of Strategic Constraints

#### 3.3. Definition of Analysis Cases

#### 3.4. Execution and Experiment Results

## 4. Conclusions and Future Work

- An effective mechanism, as it discovers solutions that comply with all business-level constraints.
- A rapid mechanism, as it achieves this within a timeframe of less than 5 min, facilitating the smooth implementation of the CyberTOMP framework.
- An efficient mechanism, as it operates using general-purpose hardware similar to the workstations commonly found in contemporary companies.
- A predictable mechanism, as it exhibits stable behavior regardless of search conditions, consistently delivering solutions of comparable quality.
- The practical demonstration of the application of evolutionary computing to decision-making in cybersecurity management.

## Author Contributions

## Funding

## Institutional Review Board Statement

## Informed Consent Statement

## Data Availability Statement

## Conflicts of Interest

## References

1. ENISA. ENISA Threat Landscape 2022; European Union Agency for Cybersecurity: Heraclión, Greece, 2022; Available online: https://www.enisa.europa.eu/publications/enisa-threat-landscape-2022 (accessed on 21 May 2023).
2. CCN-CERT. Ciberamenazas y tendencias-Edición 2022; CCN: Madrid, Spain, 2022; Available online: https://www.ccn-cert.cni.es/informes/informes-ccn-cert-publicos/6786-ccn-cert-ia-24-22-ciberamenazas-y-tendencias-edicion-2022-1/file.html (accessed on 21 May 2023).
3. van Kranenburg, R.; Le Gars, G. The Cybersecurity Aspects of New Entities Need a Cybernetic, Holistic Perspective. Int. J. Cyber Forensic Adv. Threat. Investig. **2021**, 1, 2.
4. NIST. Framework for Improving Critical Infrastructure Cybersecurity v1.1; National Institute of Standards and Technology: Gaithersburg, MD, USA, 2018. Available online: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf (accessed on 21 May 2023).
5. ISO/IEC JTC 1/SC 27; Information Security, Cybersecurity and Privacy Protection—Information Security Management Systems—Requirements. ISO/IEC: Geneva, Switzerland, 2022.
6. ISO/IEC JTC 1/SC 27b; Information Security, Cybersecurity and Privacy Protection—Information Security Controls. ISO/IEC: Geneva, Switzerland, 2022.
7. Tisdale, S.M. Architecting a cybersecurity management framework. Issues Inf. Syst. **2016**, 17, 227–236.
8. Axon, L.; Arnau, E.; van Rensburg, A.J.; Nurse, J.R.C.; Goldsmith, M.; Creese, S. Practitioners’ Views on Cybersecurity Control Adoption and Effectiveness. In Proceedings of the ARES 21: Proceedings of the 16th International Conference on Availability, Reliability and Security, Vienna, Austria, 17–20 August 2021.
9. Domínguez-Dorado, M.; Carmona-Murillo, J.; Cortés-Polo, D.; Rodríguez-Pérez, F.J. CyberTOMP: A Novel Systematic Framework to Manage Asset-Focused Cybersecurity From Tactical and Operational Levels. IEEE Access **2022**, 10, 122454–122485.
10. CIS, CIS Critical Controls(R). Version 8; Center for Internet Security: New York, NY, USA, 2021.
11. Wilson, K.S.; Kiy, M.A. Some Fundamental Cybersecurity Concepts. IEEE Access **2014**, 2, 116–124.
12. Center for Internet Security, CIS Community Defense Model v2.0; CIS: New York, NY, USA, 2021.
13. MITRE, MITRE ATT&CK. Available online: https://attack.mitre.org/ (accessed on 3 March 2023).
14. Katoch, S.; Chauhan, S.S.; Kumar, V. A review on genetic algorithm: Past, present, and future. Multimed. Tools Appl. **2021**, 80, 8091–8126.
15. Alhijawi, B.; Awajan, A. Genetic algorithms: Theory, genetic operators, solutions, and applications. Evol. Intell. **2023**.
16. Alorf, A. A survey of recently developed metaheuristics and their comparative analysis. Eng. Appl. Artif. Intell. **2023**, 117, 105622.
17. Lee, K. A review of applications of genetic algorithms in operations management. Eng. Appl. Artif. Intell. **2018**, 76, 1–12.
18. Jauhar, S.K.; Pant, M. Genetic algorithms in supply chain management: A critical analysis of the literature. Sādhanā **2016**, 41, 993–1017.
19. Rees, L.P.; Deane, J.K.; Rakes, T.R.; Baker, W.H. Decision support for Cybersecurity risk planning. Decis. Support Syst. **2011**, 51, 493–505.
20. Uuganbayar, G.; Yautsiukhin, A.; Martinelli, F.; Massacci, F. Optimisation of cyber insurance coverage with selection of cost effective security controls. Comput. Secur. **2021**, 101, 102121.
21. Mollaeefar, M.; Ranise, S. Identifying and quantifying trade-offs in multi-stakeholder risk evaluation with applications to the data protection impact assessment of the GDPR. Comput. Secur. **2023**, 129, 103206.
22. Deb, K.; Agrawal, S. Understanding interactions among genetic algorithm parameters. Found. Genet. Algorithms **1999**, 5, 265–286.
23. Falcón-Cardona, J.G.; Gómez, R.H.; Coello, C.A.; Tapia, M.G. Parallel Multi-Objective Evolutionary Algorithms: A Comprehensive Survey. In Swarm and Evolutionary Computation; Elsevier: Amsterdam, The Netherlands, 2021; Volume 67, pp. 1–23.
24. Konak, A.; Coit, D.W.; Smith, A.E. Multi-objective optimization using genetic algorithms: A tutorial. Reliab. Eng. Syst. Saf. **2006**, 91, 992–1007.
25. Liang, J.; Ban, X.; Yu, K.; Qu, B.; Qiao, K.; Yue, C.; Chen, K.; Tan, K.C. A Survey on Evolutionary Constrained Multi-objective Optimization. IEEE Trans. Evol. Comput. **2022**, 27, 1–20.
26. Zainuddin, F.A.; Abd Samad, M.F.; Tunggal, D. A Review of Crossover Methods and Problem Representation of Genetic Algorithm in Recent Engineering Applications. Int. J. Adv. Sci. Technol. **2020**, 29, 759–769.
27. Srinivas, M.; Patnaik, L. Genetic algorithms: A survey. Computer **1994**, 27, 17–26.
28. Hassanat, A.; Almohammadi, K.; Alkafaween, E.; Abunawas, E.; Hammouri, A.; Prasath, V.B.S. Choosing Mutation and Crossover Ratios for Genetic Algorithms—A Review with a New Dynamic Approach. Information **2019**, 10, 390.
29. Galeano-Brajones, J.; Luna-Valero, F.; Carmona-Murillo, J.; Cano, P.H.Z.; Valenzuela-Valdés, J.F. Designing problem-specific operators for solving the Cell Switch-Off problem in ultra-dense 5G networks with hybrid MOEAs. Swarm Evol. Comput. **2023**, 78, 1–17.
30. Mirjalili, S. Genetic Algorithm. In Evolutionary Algorithms and Neural Networks. Studies in Computational Intelligence; Springer: Cham, Switzerland, 2018; Volume 780, pp. 43–55.
31. Higgs, T.; Stantic, B.; Hoque, T.; Sattar, A. Refining Genetic Algorithm twin removal for high-resolution protein structure prediction. In Proceedings of the 2012 IEEE Congress on Evolutionary Computation, Brisbane, QLD, Australia, 10–15 June 2012.
32. Imani, M.; Pakizeh, E.; Saraee, M. Improving genetic algorithm with the help of novel twin removal method. In Proceedings of the Tenth IASTED International Conference on Artificial Intelligence and Applications, Innsbruck, Austria, 15 February 2010.
33. Arabas, J.; Michalewicz, Z.; Mulawka, J. GAVaPS-a genetic algorithm with varying population size. In Proceedings of the First IEEE Conference on Evolutionary Computation. IEEE World Congress on Computational Intelligence, Orlando, FL, USA, 27–29 June 1994.
34. Lobo, F.G.; Lima, C.F. A review of adaptive population sizing schemes in genetic algorithms. In Proceedings of the 7th Annual Workshop on Genetic and Evolutionary Computation (GECCO ’05), New York, NY, USA, 25–29 June 2005.
35. Libelli, S.M.; Alba, P. Adaptive mutation in genetic algorithms. Soft Comput. **2000**, 4, 76–80.
36. Ribas, P.C.; Yamamoto, L.; Polli, H.L.; Arruda, L.; Neves-Jr, F. A micro-genetic algorithm for multi-objective scheduling of a real world pipeline network. Eng. Appl. Artif. Intell. **2013**, 26, 302–313.
37. Zafer, B. Adaptive genetic algorithms applied to dynamic multiobjective problems. Appl. Soft Comput. **2007**, 7, 791–799.

**Figure 3.** Approximation achieved by FLECO of the constrained solutions space. Each green dot is a feasible, high-quality solution found by FLECO.

IG | Genes | Alleles | Combinations |
---|---|---|---|
1 | 47 | 4 | 1.98070 × 10^{28} |
2 | 107 | 4 | 2.63281 × 10^{64} |
3 | 167 | 4 | 3.4996 × 10^{100} |

Strategic Constraints | IG1 | IG2 | IG3 | Cumulated IG1 | Cumulated IG2 | Cumulated IG3 |
---|---|---|---|---|---|---|
Asset constraints | 1 | 1 | 1 | 1 | 1 | 1 |
Function constraints | 1 | 1 | 1 | 2 | 2 | 2 |
Category constraints | 2 | 2 | 3 | 4 | 4 | 5 |
Expected outcomes constraints | 5 | 11 | 17 | 9 | 15 | 22 |
Total constraints | 9 | 15 | 22 | 9 | 15 | 22 |

Strategic Constraint Type | Asset | Function | Category | Expected Outcome | Operator | Value | IG1 | IG2 | IG3 |
---|---|---|---|---|---|---|---|---|---|
Asset | Asset | - | - | - | > | 0.65 | ✓ | ✓ | ✓ |
Function | Asset | ID | - | - | ≥ | 0.6 | ✓ | ✓ | ✓ |
Category | Asset | RC | RC.CO | - | < | 0.8 |  |  | ✓ |
Category | Asset | PR | PR.AC | - | > | 0.6 | ✓ | ✓ | ✓ |
Category | Asset | ID | ID.SC | - | ≥ | 0.5 | ✓ | ✓ | ✓ |
Expected outcome | Asset | RC | RC.CO | RC.CO-3 | > | 0.6 |  |  | ✓ |
Expected outcome | Asset | RS | RS.MI | RS.MI-3 | ≥ | 0.3 |  |  | ✓ |
Expected outcome | Asset | DE | DE.DP | DE.DP-5 | = | 0.67 |  |  | ✓ |
Expected outcome | Asset | DE | DE.AE | DE.AE-5 | < | 0.6 |  |  | ✓ |
Expected outcome | Asset | PR | PR.PT | 9D-7 | ≤ | 0.6 |  |  | ✓ |
Expected outcome | Asset | ID | ID.BE | ID.BE-3 | ≥ | 0.7 |  |  | ✓ |
Expected outcome | Asset | ID | ID.AM | CSC-12.4 | = | 0.33 |  | ✓ | ✓ |
Expected outcome | Asset | ID | ID.GV | CSC-5.6 | ≥ | 0.2 |  | ✓ | ✓ |
Expected outcome | Asset | PR | PR.AC | CSC-5.6 | > | 0.6 |  | ✓ | ✓ |
Expected outcome | Asset | PR | PR.IP | 9D-8 | ≥ | 0.3 |  | ✓ | ✓ |
Expected outcome | Asset | DE | DE.AE | DE.AE-1 | = | 0.67 |  | ✓ | ✓ |
Expected outcome | Asset | RS | RS.AN | RS.AN-1 | < | 0.6 |  | ✓ | ✓ |
Expected outcome | Asset | ID | ID.AM | CSC-3.6 | ≤ | 0.6 | ✓ | ✓ | ✓ |
Expected outcome | Asset | PR | PR.MA | CSC-4.2 | ≥ | 0.5 | ✓ | ✓ | ✓ |
Expected outcome | Asset | DE | DE.AE | DE.AE-3 | = | 0.33 | ✓ | ✓ | ✓ |
Expected outcome | Asset | DE | DE.CM | DE.CM-4 | ≥ | 0.2 | ✓ | ✓ | ✓ |
Expected outcome | Asset | RS | RS.MI | CSC-1.2 | ≥ | 0.2 | ✓ | ✓ | ✓ |

IG | Strategic Constraints Levels | $\overline{t}$ | $\sigma(t)$ | $\tilde{t}$ |
---|---|---|---|---|
1 | A | 0.211166 | 0.071250 | 0.200270 |
1 | A-F | 0.219383 | 0.108698 | 0.223835 |
1 | A-F-C | 0.236180 | 0.099249 | 0.246635 |
1 | A-F-C-EO | 0.245545 | 0.192466 | 0.191478 |
2 | A | 0.667603 | 0.152436 | 0.677265 |
2 | A-F | 0.634475 | 0.171314 | 0.661716 |
2 | A-F-C | 0.712537 | 0.253927 | 0.760814 |
2 | A-F-C-EO | 0.388333 | 0.214490 | 0.294797 |
3 | A | 1.241601 | 0.322026 | 1.300380 |
3 | A-F | 1.291096 | 0.309675 | 1.315561 |
3 | A-F-C | 1.387193 | 0.308389 | 1.449513 |
3 | A-F-C-EO | 0.574846 | 0.261707 | 0.519179 |

IG | Strategic Constraints Levels | $\overline{f1(\overrightarrow{x})}$ | $\sigma(f1(\overrightarrow{x}))$ | $\tilde{f1(\overrightarrow{x})}$ | $\overline{f2(\overrightarrow{x})}$ | $\sigma(f2(\overrightarrow{x}))$ | $\tilde{f2(\overrightarrow{x})}$ | $\overline{f3(\overrightarrow{x})}$ | $\sigma(f3(\overrightarrow{x}))$ | $\tilde{f3(\overrightarrow{x})}$ |
---|---|---|---|---|---|---|---|---|---|---|
1 | A | 1.00 | 0.00 | 1.00 | 0.804147 | 0.009005 | 0.801489 | 0.669295 | 0.017062 | 0.665523 |
1 | A-F | 1.00 | 0.00 | 1.00 | 0.817820 | 0.041293 | 0.801489 | 0.667423 | 0.015376 | 0.662577 |
1 | A-F-C | 1.00 | 0.00 | 1.00 | 0.814755 | 0.035440 | 0.801489 | 0.669001 | 0.016742 | 0.663130 |
1 | A-F-C-EO | 1.00 | 0.00 | 1.00 | 0.811145 | 0.016723 | 0.801489 | 0.662561 | 0.011586 | 0.659791 |
2 | A | 1.00 | 0.00 | 1.00 | 0.803195 | 0.011234 | 0.800561 | 0.660704 | 0.010372 | 0.658164 |
2 | A-F | 1.00 | 0.00 | 1.00 | 0.803958 | 0.012015 | 0.800561 | 0.660461 | 0.009044 | 0.658408 |
2 | A-F-C | 1.00 | 0.00 | 1.00 | 0.808690 | 0.022809 | 0.800561 | 0.659015 | 0.008397 | 0.656217 |
2 | A-F-C-EO | 1.00 | 0.00 | 1.00 | 0.820165 | 0.022698 | 0.809813 | 0.654826 | 0.005065 | 0.653115 |
3 | A | 1.00 | 0.00 | 1.00 | 0.807198 | 0.024698 | 0.800419 | 0.657923 | 0.006619 | 0.656296 |
3 | A-F | 1.00 | 0.00 | 1.00 | 0.803646 | 0.013384 | 0.800359 | 0.659479 | 0.009102 | 0.656734 |
3 | A-F-C | 1.00 | 0.00 | 1.00 | 0.802865 | 0.010542 | 0.800359 | 0.659695 | 0.009007 | 0.657471 |
3 | A-F-C-EO | 1.00 | 0.00 | 1.00 | 0.841527 | 0.028920 | 0.839940 | 0.653301 | 0.003522 | 0.652164 |

IG | Strategic Constraints Levels | $\overline{f(\overrightarrow{x})}$ | $\sigma(f(\overrightarrow{x}))$ | $\tilde{f(\overrightarrow{x})}$ |
---|---|---|---|---|
1 | A | 0.986900 | 0.000467 | 0.986783 |
1 | A-F | 0.987565 | 0.002054 | 0.986796 |
1 | A-F-C | 0.987428 | 0.001752 | 0.986874 |
1 | A-F-C-EO | 0.987183 | 0.000835 | 0.986812 |
2 | A | 0.986767 | 0.000559 | 0.986670 |
2 | A-F | 0.986803 | 0.000595 | 0.986680 |
2 | A-F-C | 0.987025 | 0.001132 | 0.986647 |
2 | A-F-C-EO | 0.987557 | 0.001130 | 0.987106 |
3 | A | 0.986939 | 0.001223 | 0.986627 |
3 | A-F | 0.986777 | 0.000664 | 0.986639 |
3 | A-F-C | 0.986740 | 0.000527 | 0.986625 |
3 | A-F-C-EO | 0.988609 | 0.001446 | 0.988549 |


© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).

## Share and Cite

**MDPI and ACS Style**

Domínguez-Dorado, M.; Cortés-Polo, D.; Carmona-Murillo, J.; Rodríguez-Pérez, F.J.; Galeano-Brajones, J.
Fast, Lightweight, and Efficient Cybersecurity Optimization for Tactical–Operational Management. *Appl. Sci.* **2023**, *13*, 6327.
https://doi.org/10.3390/app13106327
